|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Growing DoS attacks
On Thu, Jan 17, 2002 at 03:32:21PM +0100, Vincent Gillet wrote: > [email protected] disait : > > > > rate-limite and/or traffic filtering may be available on some > > > box (GSR) but cannot run concurently with other feature (NetFlow). > > > > I seem to have just found out that ACLs and sampled NetFlow can > > both be configured concurrently on routers running IOS >= 12.0(18)S. > > All can be configured concurently .... but you have a message > from line card that Netflowx has been stopped because another feature > is activated. Right. That is the behaviour that I have been led to believe no longer happens past 12.0(18)S; supposedly, on 12.0(18)S and greater, ACL and SNF can both be configured concurrently such that both features work concurrently. If you know different, I would love to hear about it :) > Below is feedback i received from Cisco : > > 1. There is no incompatibilities on E0,1,3,4 but some features are not > available on some E > 2. For E2 in 17S, here are the priorities: > ACLs > SNF > PIRC > IP Coloring > BGP Policy accounting > FR Traffic policing which is not FR traffic shaping > > Beside, output ACL are done at ingress (before forwarding), > thus output ACL activate input filtering on all LC ... That gels nicely with what I have been told; an input ACL on an interface disables SNF on that interface, while an output ACL on any interface disables SNF on the entire router. Joe
|